[Lognorm] Escape [ and ]
Фадеев Виталий Львович
fvl at mail.ru
Wed Jun 10 08:21:59 CEST 2015
Also, i did not find how to get IPv6 and IPv4 string
For example:
IP: 2607:f8b0:4000:807::1006:
IP: 64.233.160.106
This all of google.com
Среда, 10 июня 2015, 6:15 UTC от Chris Schafer <chrisp.schafer at gmail.com>:
>Glad I can help. I spent way too much time learning this stuff and I don't get to use it often enough :)
>On Tue, Jun 9, 2015 at 11:13 PM David Lang < david at lang.hm > wrote:
>>On Wed, 10 Jun 2015, Фадеев Виталий Львович wrote:
>>
>>>
>>> Hi!
>>> I want to log all from apache. I use custom log in apache that looks like:
>>>
>>> [2015-06-09 18:27:07 197 NOVT] [192.168.1.67] [192.168.1.67] [192.168.1.254] [818] [/var/www/host/css/button.css] [192.168.1.67] [HTTP/1.1] [1] [-] [GET] [5064] [?v=0] [GET /css/button.css?v=0 HTTP/1.1] [-] [200] [200] [0] [/css/button.css] [hostname.domain] [hostname.domain] [+] [1540] [1138] [" http://hostname.domain/index.html "] ["Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0"]
>>>
>>> For example, i create test.log that contains:
>>> [2015-06-09 16:47:34 830 NOVT]
>>>
>>> and test.rb:
>>> rule=:[%date:date-iso% %time:time-24hr% %microsec:number% %timezone:char-to:]%
>>>
>>> If i try i get:
>>> $ lognormalizer -r test.rb -e json < test.log
>>> { "originalmsg": "[2015-06-09 16:47:34 830 NOVT]", "unparsed-data": "]" }
>>>
>>> How to parse data between [ and ] ?
>>
>>you almost have it correct. The only thing that you are missing is that char-to
>>doesn't 'consume' the matching character, so your rule would need to be:
>>
>>rule=:[%date:date-iso% %time:time-24hr% %microsec:number% %timezone:char-to:]%]
>>
>>David Lang
>>_______________________________________________
>>Lognorm mailing list
>>Lognorm at lists.adiscon.com
>>http://lists.adiscon.net/mailman/listinfo/lognorm
>>_______________________________________________
>>Lognorm mailing list
>>Lognorm at lists.adiscon.com
>>http://lists.adiscon.net/mailman/listinfo/lognorm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.adiscon.net/pipermail/lognorm/attachments/20150610/4650e2ce/attachment.html>
More information about the Lognorm
mailing list